University of Rochester

Personal Information Taken Illegally from University Database

January 11, 2009

The names and Social Security numbers of approximately 450 University of Rochester students and former students were accessed and copied illegally from a non-academic student database in recent weeks. The University is notifying by e-mail and letter the individuals whose personal information was copied to an off-campus IP address. The investigation of the incident, which was discovered on the evening of Jan. 7, is continuing.

"We are dedicated to the integrity of our information systems and to reducing the potential for risks of identity theft for our current and former students," said University Provost Ralph Kuncl. "We have alerted the FBI, the New York State Attorney General, the Consumer Protection Board, and the Office of Cyber Security. Our network security staff have taken immediate, concrete steps to minimize the chances of this happening again."

The University will pay for credit protection monitoring and insurance for one year for the individuals affected by the hacking incident.

Exactly when and how personal information was copied from the non-academic student database is under investigation. This database has been taken off-line.

Inquires about this incident can be made to Sharon Dickman at University Communications at (585) 275-4128 or e-mail